Advisories
[2014-04-11] Multiple vulnerabilities in Plex Media Server
Plex Media Server contains several vulnerabilities that allow an attacker to intercept traffic between Plex Media Server and clients in plaintext. Furthermore Cross Site Request Forgery (CSRF) vulnerabilities allow an attacker to execute privileged commands in the context of Plex Media Server.
[2014-04-02] Multiple vulnerabilities in Rhythm File Manager
An attacker being able to connect to the Android device (e.g. if he uses the same Wireless network), can access arbitrary local files from the device while the File Manager app is being used to stream media. Moreover, a malicious Android app or an attacker being able to connect to the Android device may issue system commands as the user "root" if "root browsing" is enabled.
[2014-03-28] Multiple vulnerabilities in Symantec LiveUpdate Administrator
Attackers are able to compromise Symantec LiveUpdate Administrator at the application and database levels because of vulnerable password reset functionality and SQL injection vulnerabilities. This enables access to credentials of update servers on the network without prior authentication.
[2014-03-07] Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot
Unauthenticated attackers are able to gain access to sensitive configuration (e.g. WLAN passwords in clear text or IMEI information of the SIM card) and even manipulate all settings in the web administration interface! This can even be exploited remotely via Internet depending on the mobile operator setup or via CSRF attacks.
[2014-02-28] Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch Web Manager
Attackers are able to elevate privileges during login from read-only user rights to full read/write or debug access rights by simply changing result values of the affected CGI script. This allows attackers to reconfigure the device.
[2014-02-28] Authentication bypass (SSRF) and local file disclosure in Plex Media Server
The Plex Media Server proxy functionality fails to properly validate pre-authentication user requests. This allows unauthenticated attackers to make the Plex Media Server execute arbitrary HTTP requests and hence bypass all authentication and execute commands with administrative privileges. Furthermore, because of insufficient input validation, arbitrary local files can be disclosed without prior authentication including passwords and other sensitive information.
[2014-02-27] Local Buffer Overflow vulnerability in SAS for Windows
Attackers are able to completely compromise SAS clients when a malicious SAS program gets executed as the software "SAS for Windows" is affected by a local buffer overflow vulnerability.
[2014-02-18] Critical vulnerabilities in Symantec Endpoint Protection
Attackers are able to completely compromise the Symantec Endpoint Protection Manager server as they can gain access at the system and database level because of critical XXE and SQL injection vulnerabilities. Furthermore attackers can manage all endpoints and possibly deploy attacker-controlled code on clients.
[2014-01-22] Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
Attackers are able to completely compromise the T-Mobile Austria HOME NET router (based on Huawei B593u-12) without prior authentication. Depending on the configuration of the router it is also possible to exploit the flaws directly from the Internet.
[2014-01-22] Backdoor account & command injection vulnerabilities in Allnet IP-Cam ALL2281
The IP camera Allnet ALL2281 is affected by critical vulnerabilities that allow an attacker to gain access to the web interface via a backdoor account. Furthermore, executing arbitrary OS commands is possible.
[2013-12-27] XPath Injection in IBM Web Content Manager
By exploiting the identified XPath Injection vulnerability, an unauthenticated user is able to extract sensitive application configuration data from vulnerable installations of IBM Web Content Manager.
[2013-11-13] Cross-site scripting vulnerabilities in EMC Documentum eRoom
Due to improper input validation, Documentum eRoom suffers from multiple cross-site scripting vulnerabilities, which allow an attacker to steal other user's sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
[2013-10-15] Multiple critical vulnerabilities in SpamTitan
SpamTitan suffers from multiple critical vulnerabilities. Unauthenticated attackers are able to completely compromise the system and extract or manipulate database contents.
[2013-10-04] SQL injection vulnerability in Zabbix
The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.
[2013-10-03] Denial of service vulnerability in Citrix NetScaler
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
[2013-09-04] Multiple vulnerabilities in GroupLink everything HelpDesk
By exploiting the undocumented password reset functionality, an unauthenticated attacker can gain administrative access to the affected Helpdesk system. The Cross-Site Scripting vulnerability can be used to attack users of the affected application.
[2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness
The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within the range of the access point can capture the BSSID (e.g. from 802.11 Beacon Frames) and calculate the default WPS PIN for it.
[2013-07-26] Multiple vulnerabilities – Surveillance via Symantec Web Gateway
The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily.
[2013-07-19] Multiple vulnerabilities in Sybase EAServer
Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service.
[2013-07-09] Denial of service vulnerability in Apache CXF
Apache CXF is vulnerable to denial of service attacks within the XML parser.
[2013-06-25] Multiple vulnerabilities in IceWarp Mail Server
IceWarp Mail Server is vulnerable to reflected Cross-Site Scripting and XXE Injection attacks. By exploiting the XXE vulnerability, an unauthenticated attacker can get read access to the filesystem of the IceWarp Mail Server host and thus obtain sensitive information such as the configuration files.
[2013-06-14] Critical vulnerabilities in Siemens OpenScape Branch & SBC
Siemens OpenScape Branch & SBC are vulnerable to critical vulnerabilities such as unauthenticated execution of OS commands or file disclosure. Attackers are able to take over the operating system and potentially intercept VoIP traffic or phone calls.
[2013-06-05] Critical vulnerabilities in CTERA portal
CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server.
[2013-05-23] JavaScript Execution in IBM WebSphere DataPower Services
IBM WebSphere DataPower Appliance XI50 is vulnerable to cross site scripting if the appliance is configured to blindly echo back requests to the sender.
[2013-05-07] Multiple vulnerabilities in NetApp OnCommand System Manager
NetApp OnCommand System Manager suffers from multiple security issues such as cross site scripting. Authenticated attackers can also read arbitrary files or execute operating system commands.
[2013-04-17] Multiple vulnerabilities in Sosci Survey
Sosci Survey is vulnerable to Cross-Site Scripting, authorization bypass and remote command execution vulnerabilities which can be exploited by remote attackers.
[2013-04-17] Oracle Java ActiveX Control Memory Corruption
A memory corruption vulnerability in Oracle Java(TM) Web Start Launcher could potentially result in an arbitrary code execution or cause a crash.
[2013-04-17] HTTP header injection/Cache poisoning in Oracle WebCenter
Due to unsanitized user input it is possible to inject arbitrary HTTP header values in certain HTTP responses of the Satellite Server. Moreover, the Satellite Server caches these HTTP responses with the injected HTTP header.
[2013-04-08] Insecure library loading in Nitro Pro 8
Nitro Pro is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a remote WebDAV or SMB share which contains a specially crafted DLL.
[2013-04-04] Multiple vulnerabilities in Censornet Professional v4
Censornet Professional v4 suffers from multiple Cross-Site Scripting and SQL Injection vulnerabilities which can be exploited by an authenticated attacker.
[2013-04-03] Multiple vulnerabilities in Sophos Web Protection Appliance
Several vulnerabilities in Sophos Web Protection Appliance including a local file disclosure and an OS command injection vulnerability allow unauthenticated users to fully compromise the system.
[2013-03-13] Integer overflow in QlikView Desktop Client
An integer overflow vulnerability exists in the .qvw file format parser. Successful exploitation of this vulnerability could result in an arbitrary code execution within the QlikView Desktop client.
[2013-03-11] Persistent cross site scripting in jforum
An authenticated user is able to perform cross-site scripting attacks e.g. create relogin trojan horses or steal session cookies in the context of the affected website that uses a vulnerable version of jforum.
[2013-03-08] Multiple critical vulnerabilities in GroundWork Monitor Enterprise
GroundWork Monitor Enterprise suffers from multiple critical vulnerabilities. The most severe problems are that an unauthenticated attacker is able to elevate his privileges (gain admin access), execute arbitrary operating system commands, take over the whole monitoring system and gain access to sensitive configuration files with clear text passwords of the monitored systems. An attacker is therefore easily able to spread the attack within the internal network. Keep in mind that the optional technical bulletin of GroundWork only makes changes to the configuration and does not solve the underlying issues within the source code!
[2013-03-08] Multiple critical vulnerabilities in GroundWork Monitor Enterprise Part 2
GroundWork Monitor Enterprise suffers from multiple critical vulnerabilities. The most severe problems are that an unauthenticated attacker is able to elevate his privileges (gain admin access), execute arbitrary operating system commands, take over the whole monitoring system and gain access to sensitive configuration files with clear text passwords of the monitored systems. An attacker is therefore easily able to spread the attack within the internal network. Keep in mind that the optional technical bulletin of GroundWork only makes changes to the configuration and does not solve the underlying issues within the source code!
[2013-01-24] Barracuda Networks SSL VPN Authentication Bypass
By setting of Java System Properties an unauthenticated attacker can disable various security mechanisms and thus gain access to an internal API. Among other functions, an attacker can set passwords for admin accounts.
[2013-01-24] Critical backdoor in multiple Barracuda Networks Appliances
The firewall rules on the appliance enable remote attackers from a certain set of IP ranges to access the appliance via SSH using weak default user account passwords.
[2013-01-22] F5 BIG-IP SQL injection vulnerability
Due to insufficient input validation in F5 BIG-IP, an authenticated attacker can inject arbitrary SQL commands, thus gaining full database and partial file system access.
[2013-01-22] F5 BIG-IP XML external entity injection vulnerability
Due to insufficient input validation in F5 BIG-IP, an authenticated attacker can disclose arbitrary local files with the privileges of the webserver (including the /etc/shadow file) and cause denial of service.
[2012-12-20] Multiple vulnerabilities in ELBA Electronic Banking application
The stand-alone and network version of ELBA5 v5.5 is prone to a SQL injection vulnerability, uses default hardcoded passwords and stores user passwords as plaintext in a database. Furthermore, a stack based buffer overflow that is highly severe in multi user environments exists in a used third party component.
[2012-12-03] F5 FirePass SSL VPN Unauthenticated local file inclusion
Due to insufficient input validation in F5 FirePass SSL VPN, an unauthenticated attacker can disclose arbitrary local files with the privileges of the webserver, cause denial of service and execute arbitrary commands.
[2012-11-15] Applicure dotDefender WAF format string vulnerability
The web application firewall dotDefender by Applicure is vulnerable to a format string injection attack. Under certain circumstances, an attacker could exploit this vulnerability to execute arbitrary code on the web server running dotDefender.
[2012-10-17] ModSecurity multipart/invalid part ruleset bypass
ModSecurity can be bypassed on Apache/PHP installations by sending specially formed multipart requests. An attacker exploiting this flaw can send arbitrary POST parameters to a web application even though ModSecurity is active.
[2012-10-17] SQL Injection vulnerability in Unirgy uStoreLocator
Due to a programming error, the uStoreLocator module for Magento eCommerce platform allows the injection of direct SQL commands, which are executed on the backend database server through the web application.
[2012-10-17] Multiple vulnerabilities in Oracle WebCenter Sites
Multiple vulnerabilities in Oracle WebCenter Sites (former FatWire Content Server) allow an attacker to elevate her privileges and access arbitrary data of the backend database system.
[2012-08-29] Critical vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway provides SSH access via a hidden "support" user.
[2012-07-12] Critical vulnerability in Magento eCommerce platform
Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. By exploiting this vulnerability a web application may be coerced to open arbitrary files and/or TCP connections.
[2012-06-26] Critical vulnerability in Zend Framework
Zend Framework suffers from a critical security issue (XML eXternal entity injection). By exploiting this vulnerability a web application may be coerced to open arbitrary files and/or TCP connections. As the Zend framework is being used widely, other web applications may be vulnerable too!
[2012-06-18] Western Digital ShareSpace Web GUI Sensitive Data Disclosure
WD ShareSpace Web GUI is prone to an unauthenticated sensitive data disclosure (such as network settings, SMB users & hashed passwords, admin credentials, etc.) due to an improper configuration of access rights of the configuration file.
[2012-06-18] Critical vulnerability in Airlock web application firewall
The Airlock WAF protection can be completely bypassed by submitting requests that contain specific overlong UTF-8 sequences.
[2012-05-18] OpenOffice.org memory overwrite vulnerability
OpenOffice.org 3.3 and 3.4 Beta versions include the customized libwpd version 0.8.8 library that has a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution.
[2012-03-28] Critical vulnerability in Microsoft ASP.NET Forms
ASP.NET Forms suffers from a critical authentication bypass / elevation of privileges vulnerability. An attacker is able to take over other user accounts. This is a detailed follow-up advisory to the advisory from 2011-12-30 including a proof-of-concept video.
[2012-03-28] Critical SQL Injection in F5 FirePass SSL VPN allows unauthenticated remote root
Due to insufficient input validation within the software, an unauthenticated attacker can escalate a critical SQL injection vulnerability to execute arbitrary commands in the context of the administrative super user ("root").
[2012-03-15] Multiple permanent cross-site scripting vulnerabilities in EMC Documentum eRoom
Due to improper input validation, Documentum eRoom suffers from multiple permanent cross-site scripting vulnerabilities, which allow an attacker to steal other user's sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
[2012-02-20] Vulnerabilities in ELBA Electronic Banking application
An attacker is able to extract the whole database through SQL injection and take over other user accounts. Furthermore, ELBA v5.4.1 is prone to an information disclosure and denial-of-service vulnerability.
[2012-02-20] Multiple critical vulnerabilities in Voxtronic Voxlog Professional
An attacker is able to completely compromise the operating system with the highest system rights because of critical vulnerabilities in the Voxlog voice recording solution.
[2012-01-04] Multiple critical vulnerabilities in Apache Struts2
Apache Struts2 fails to sanitize user supplied OGNL expressions sufficiently. An attacker can overwrite arbitrary files or execute arbitrary code on the target server.
[2011-12-30] Critical vulnerability in Microsoft ASP.NET Forms
ASP.NET Forms suffers from a critical authentication bypass / elevation of privileges vulnerability. An attacker is able to take over other user accounts. A more detailed advisory will be published at a later date.
[2011-12-19] Multiple vulnerabilities in WhatsApp
WhatsApp Messenger has security issues regarding the registration process, update of user profiles and confidentiality of the communication.
[2011-12-19] Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet
An attacker is able to upload arbitrary files to an arbitrary path on the victim's computer through a vulnerability in SecCommerce SecSigner Java Applet.
[2011-10-12] Critical security issue in Microsoft Forefront UAG
The client-side endpoint security solution Microsoft Forefront UAG (e.g. supplied by Microsoft Outlook Web App) has a critical vulnerability that allows an attacker to remotely execute arbitrary code on the client.
[2011-08-10] Critical security issue in Check Point SSL VPN On-Demand applications
SSL Network Extender (SNX) is a browser plug-in that provides clientless remote access, while delivering full network connectivity for any IP-based application.
[2011-07-04] Libmodplug ReadS3M Stack Overflow
The Libmodplug library is prone to a stack based buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious S3M media files e.g. through VLC, gstreamer or other media players that use Libmodplug.
[2011-07-01] Multiple SQL injection vulnerabilities in WordPress blog publishing application
Multiple SQL injection vulnerabilities in WordPress allow a malicious Editor-level user to gain further access to the site.
[2011-06-06] Multiple cross-site scripting issues in Plone Content Management System
Multiple XSS vulnerabilities in Plone CMS allow for session theft and relogin trojan attacks.
[2010-10-21] Multiple critical vulnerabilities in Sawmill Enterprise log file analysis software
Sawmill suffers from multiple vulnerabilities that allow an attacker e.g. to execute arbitrary commands, read/write files on the file system or create admin user accounts without authentication.
[2010-02-08] Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
Xerox WorkCentre 5665/5675/5687 has a backdoor that allows access to any folder. The software also has flawed user validation. In some cases it is possible to access multiple pages that would require authentication.
[2010-01-15] Local file inclusion/execution and multiple Cross-Site-Request-Forgery vulnerabilities in LetoDMS (formerly MyDMS)
LetoDMS (formerly MyDMS) is prone to local file inclusion/execution and multiple cross-site-request-forgery vulnerabilities. The file inclusion vulnerability can be used to read files from the web server and to execute malicious PHP-code.
[2009-12-17] Authentication bypass and file manipulation in Sitecore Staging Module
The Sitecore Staging Webservice is vulnerable to authentication bypass and therefore files can be uploaded in arbitrary directories on the server.
[2009-09-17] Multiple Vulnerabilities in RADactive I-Load
RADactive I-Load 2008.2.4.0 is prone to multiple vulnerabilities such as file disclosure, which allows an attacker to read arbitrary files (with the permission of the webserver) and an arbitrary file upload vulnerability.
[2009-09-01] File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
JSFTemplating, Mojarra Scales and the admin console of GlassFish Application Server v3 are vulnerable to a file disclosure vulnerability which allows an attacker to read arbitrary files (with the permission of the webserver) and retrieve directory listings of the whole server.
[2009-07-20] Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities
Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia's Symbian/S60 based smartphones. An attacker could leverage these bugs to gain control of the program counter register and execute arbitrary code on a target smartphone. The bugs can be triggered directly inside the MMS viewer of the target, by sending an MMS with an embedded video file.
[2009-06-05] Apache Tomcat User Enumeration Vulnerability
Due to insufficient error checking in some authentication classes, Apache Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. The attack is possible if form based authentication (j_security_check) is used.
[2009-05-25] Nortel Contact Center Manager Server Authentication Bypass
The Nortel Contact Center Manager Server web application relies on client side cookies to check the roles of authenticated users. Authentication can be bypassed by manually setting the required cookies. By exploiting this vulnerability, an attacker can bypass authentication and access the Nortel Contact Center Manager Server.
[2009-05-25] Nortel Contact Center Manager Server Password Disclosure
The Nortel Contact Center Manager Server web application provides a SOAP interface. This interface does not need authorisation and responds to certain requests with sensitive information.
[2009-05-25] SonicWALL Global Security Client Local Privilege Escalation Vulnerability
Local exploitation of a design error in SonicWALL's Global Security Client could allow attackers to obtain increased privileges.
[2009-05-25] SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability exists in SonicWALL Global VPN client. By exploiting this vulnerability, a local attacker could execute code with LocalSystem privileges.
[2009-05-25] SonicOS Format String Vulnerability
A format string vulnerability exists in the logfile parsing function of SonicOS. An attacker could crash the system or execute arbitrary code by injecting format string metacharacters into the logfile, if an administrator subsequently uses the SonicOS GUI to view the log.
[2009-04-29] Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
The wireless LAN gateway AMG-2000 from LevelOne uses a misconfigured Squid proxy which allows an attacker to access the admin interface and the internal network. Furthermore the administration interface shows the passwords of all users and other sensitive settings in plain text.
[2009-04-15] Novell Teaming Multiple Vulnerabilities
Multiple vulnerabilities have been identified in Novell Teaming. These include enumeration of usernames, information disclosure, and cross site scripting flaws. An attacker could leverage these vulnerabilities to collect information about the system and its users and conduct effective (XSS supported) hybrid phishing attacks.
[2009-04-15] Nortel Application Gateway 2000 Password Disclosure Vulnerability
The Nortel Application Gateway provides a web based administration interface. This interface responds with sensitive information to unauthorized users.
[2009-03-10] NextApp Echo XML Injection Vulnerability
Unverified XML data is passed from the client (web browser) to the NextApp Echo Engine and consequently to an underlying XML parser. This leads to a typical XML Injection scenario.
[2009-03-10] IBM Director CIM Server Remote Denial of Service Vulnerability
The CIM server contained in the IBM Director suite for Microsoft Windows is vulnerable to a remote denial of service attack. The vulnerability allows an attacker to crash the service remotely. It will not be possible to reach the IBM Director agent until the service is manually restarted.
[2009-03-10] Director CIM Server Local Privilege Escalation Vulnerability
The CIM server which comes with IBM Director suite for Microsoft Windows contains a local privilege escalation vulnerability because the application fails to properly validate incoming indication requests. By exploiting this vulnerability an attacker can run arbitrary code with the privileges of the CIM server process (LOCAL SYSTEM in the Windows version).
[2008-12-19] Fujitsu-Siemens WebTransactions remote command injection vulnerability
Fujitsu-Siemens WebTransactions is vulnerable to remote command injection. This vulnerability allows an attacker to execute arbitrary commands on the affected system.
[2008-12-09] Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability
A vulnerability has been identified in Microsoft SQL Server. By calling the sp_replwritetovarbin extended stored procedure, an attacker can write to arbitrary memory locations and could subsequently execute code in the context of the SQL server process. By default, the affected stored procedure is accessible to all users. This vulnerability can be exploited by malicious users connecting to the SQL Server instance or via SQL injection flaws.
[2008-10-16] Remote command execution in Instant Expert Analysis signed Java applet and ActiveX Control
The Instant Expert Analysis ActiveX control, used by millions of users on sites run by NVIDIA, Activision, Electronic Arts UK, Eidos, CNET, IGN, and AMD, can be misused to run arbitrary code on the client's systems.
[2007-12-04] SonicWALL Global VPN Client Format String Vulnerability
A format string vulnerability exists in SonicWALL Global VPN Client. The vulnerability can be triggered by importing a specially crafted configuration file.
[2007-11-01] Multiple Vulnerabilities in SonicWALL SSL-VPN Client
Multiple critical vulnerabilities have been found in the ActiveX components of SonicWALL SSL-VPN client. These vulnerabilities allow deletion of arbitrary files as well as arbitrary code execution on the client.
[2007-10-31] Perdition IMAP Proxy Format String Vulnerability
Perdition IMAP proxy is susceptible to a format string vulnerability. By exploiting this flaw, an attacker could execute arbitrary code on the affected system.
[2007-10-12] Madwifi xrates element remote DOS
Madwifi, the popular Atheros wireless device driver for Linux, is vulnerable to a denial of service attack. An attacker could crash client machines that are listening for beacon frames using a fake access point.
[2007-07-22] Remote command execution in Joomla! CMS
The search component of Joomla! v1.5 beta2 allows an attacker to execute arbitrary PHP commands. It is e.g. possible to execute OS commands via system() calls. An attacker does not need to be authenticated to perform this attack!
[2007-06-01] PHP chunk_split() integer overflow
Due to missing input validation in the chunk_split function, the wrong size for a buffer is calculated. This can result in the allocation of a buffer that is too small, which leads to a buffer overflow.
[2007-05-09] Multiple vulnerabilities in Nokia Intellisync Mobile Suite
Nokia Intellisync Mobile Suite v6 suffers from multiple vulnerabilities, such as information/source code disclosure, cross site scripting and denial of service.
[2007-03-14] Apache HTTP Server / Tomcat directory traversal
If the Apache HTTP Server and Tomcat are configured to interoperate with the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an attacker might be able to break out of the intended destination path up to the webroot in Tomcat.
[2007-03-09] MySQL 5 Single Row Subselect Denial of Service
MySQL 5 can be crashed by issuing specially crafted SQL queries.
[2007-02-07] File Disclosure in Pagesetter for PostNuke
The 3rd party module Pagesetter - up to its latest version (6.3.0 beta 5) - for PostNuke allows to read arbitrary files. An attacker does not need to be logged in but has to know the filename.
[2006-12-20] TYPO3 Remote Command Execution Vulnerability
The open source CMS TYPO3 is vulnerable to a remote command execution vulnerability. It can be exploited without logging into the backend and allows an attacker to completely compromise the web server where TYPO3 is installed.
[2006-06-28] Outlook Web Access Cross Site Scripting Vulnerability - Vulnerability Details
Microsoft Exchange Server 2000 and 2003 which contain Outlook Web Access are vulnerable to cross site scripting attacks, allowing an attacker to steal session information using manipulated emails. An attacker can use this vulnerability to gain access to other people's emails.
[2006-06-13] Outlook Web Access Cross Site Scripting Vulnerability
Microsoft Exchange Server 2000 and 2003 which contain Outlook Web Access are vulnerable to cross site scripting attacks, allowing an attacker to steal session information using manipulated emails. An attacker can use this vulnerability to gain access to other people's emails.
[2006-05-12] Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure
Symantec Enterprise Firewall leaks internal IPs of NATed machines in response to certain HTTP requests.
[2006-04-13] Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
A buffer overflow can be triggered in Opera Browser due to a signedness error in the processing of CSS tags.
[2005-12-23] File Disclosure in Oracle AS Discussion Forum Portlet
OracleAS Discussion forum is prone to a file disclosure vulnerability. By leveraging this flaw, the attacker can read arbitrary files on the webserver.
[2005-12-23] Oracle AS Discussion Forum Portlet XSS
Multiple XSS vulnerabilities in Oracle AS Discussion Forum allow for session theft and relogin trojan attacks.
[2005-12-12] Nortel SSL VPN Cross Site Scripting/Command Execution
Nortel's SSL VPN Web Client is vulnerable to cross site scripting/command execution. By supplying a malicious link, an attacker can execute commands on the system of the VPN client.
[2005-12-11] Horde Cross Site Scripting
Multiple Applications from the Horde Framework are vulnerable to cross site scripting attacks, thus allowing hijacking of session information.
[2005-12-02] Webmail Security and Browser related XSS Bugs
In this security information, we address several fixed and unfixed Cross Site Scripting flaws of large scale webmail providers.
[2005-12-02] Cross Site Scripting in GMX Webmail
GMX Webmail is prone to Cross Site Scripting Attacks. Attackers could exploit this flaw to steal session credentials of valid users.
[2005-11-25] Multiple Vulnerabilities in vTiger CRM
vTiger CRM is vulnerable to multiple security flaws that allow an attacker to gain administrative privileges on the CRM and execute arbitrary commands on the system.
[2005-11-07] Macromedia Flash Player ActionDefineFunction Memory Corruption
Loading a specially crafted SWF leads to an improper memory access condition which can be used to crash Flash Player or may be exploited as a vector for code execution.
[2005-11-07] toendaCMS multiple vulnerabilities
ToendaCMS contains various security flaws. These include theft of CMS usernames and passwords, session theft, directory traversal / reading of arbitrary files and arbitrary file uploads.
[2005-10-25] RSA ACE Web Agent XSS
Due to inadequate input validation, RSA Authentication Agent is vulnerable to a Cross Site Scripting attack.
[2005-10-25] Snoopy Remote Code Execution
Whenever an SSL protected webpage is requested with one of the many Snoopy API calls, it calls the function _httpsrequest which takes the URL as argument. Using a specially crafted URL, an attacker can supply arbitrary commands that are executed on the web server with privileges of the web user.
[2005-10-21] Yahoo / IE6 XSS
Since April 2005, SEC Consult has been reporting numerous Cross Site Scripting vulnerabilities in Yahoo Webmail. These vulnerabilities allow an attacker to steal session cookies and to perform other attacks like classic XSS, relogin trojan and phishing.
[2005-06-29] IE6 javaprxy.dll COM instantiation heap corruption
Internet Explorer loads COM objects into its process memory even if they are not ActiveX Controls. These COM objects can be embedded with <object> tags. In most cases this results in a crash of the browser itself. In the case of "javaprxy.dll" this issue could lead to malicious code execution.
[2005-06-17] Source Code Disclosure in Yaws Webserver
If a null byte is appended to the filename of a yaws script, the yaws webserver returns a page containing the source code of the corresponding script. This flaw allows an attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitive information like passwords.
[2005-06-02] Arbitrary File Inclusion in phpCMS 1.2.x
Due to insufficient input validation, arbitrary files can be read using phpCMS 1.2.x.
[2005-06-02] Exhibit Blind SQL Injection
Using blind SQL injection, data from Exhibit Engine's database can be read.
[2005-05-22] Yahoo Webmail Cookie Theft
Yahoo's blacklists fail to detect script tags in combination with special characters like NULL bytes. This leaves Webmail users using MSIE vulnerable to typical XSS / relogin trojan / phishing / pharming attacks.
[2004-12-16] PHP Input Validation Vulnerabilities
PHP contains a vulnerability that allows an attacker to use NULL bytes to disclose local files. A second vulnerability exists that makes it possible to perform directory traversal for uploaded files.
[2004-12-13] Multiple Vulnerabilities in SugarSales
Multiple vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities are: Full Path Disclosure, Install Script, File Inclusion/Remote Command Execution, SQL Injection. Some of the vulnerabilities described in this advisory can only be exploited while logged into SugarSales; however, there are also numerous flaws that can be exploited by an attacker without knowledge of a username or password.
[2004-11-29] Password Disclosure for SMB Shares in KDE's Konqueror
The KDE program Konqueror allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose the victim's password in plaintext.
[2004-09-23] Motorola Wireless Router WR850G Authentication Circumvention
Motorola's Wireless Router WR850G contains a vulnerability that allows an attacker to log into the system without knowing the username or password. Additionally, hidden pages exist in the web interface that disclose the username and password of the administrator.
[2004-06-06] PHP escapeshellarg Windows Vulnerability
Because of an input validation flaw in PHP, an attacker can execute shell commands even though the function escapeshellarg was used.
[2004-03-30] Multiple Vulnerabilities in LinBox
Multiple security flaws in LinBox allow an attacker to change system settings, read user passwords in plaintext and execute commands over SSH on the system.
[2003-09-01] Internet Transaction Server Multiple Vulnerabilities
Multiple vulnerabilities in SAP Internet Transaction Server allow an attacker to read hidden information or perform Cross Site Scripting attacks.
[2003-07-24] paFileDB 3.1 OS-Cmd execution
Two security flaws in paFileDB 3.1 allow an attacker to execute arbitrary commands on the system. Additionally an attacker can upload arbitrary files to the server.
[2003-07-14] W-Angora Multiple Vulnerabilities
W-Angora 4.1.5 has multiple security flaws that can lead to a compromise of the system. The flaws include: Information/Path Disclosure, Arbitrary File Upload, OS Command Execution, Cross Site Scripting.
[2003-07-11] Invision Powerboard V.1.1.2 Multiple Vulnerabilities
Invision Powerboard is vulnerable to Cross Site Scripting and SQL Injection attacks. An attacker might be able to use these flaws to gain control over the system.
[2003-02-28] Axis Webcam DOS
The web administration interface of Axis 2400 webcams contains two security flaws that allow an attacker to perform denial of service by shutting down the camera.
[2003-02-28] Typo3 3.5b5 Security Check Results
During a security check of Typo3 3.5b5, multiple serious vulnerabilities have been discovered. These are: Path Disclosure, Arbitrary File Retrieval/Command Execution and Cross Site Scripting.